Volatility3 core commands
Assume you're given a memory sample that is likely from a Windows host, but you have minimal information about it. Here's how to identify basic Windows host information using Volatility.
Volatility can output a lot of information, and it isn't always easy to read. Use the -r (render) flag to choose the output format: pretty (tabulated), json, csv, or quick. More information here: https://volatility3.readthedocs.io/en/stable/volatility3.cli.text_renderer.html
I typically export results as csv if I want to import it into a timeline, or filter it in Excel, etc.
Display process information
If you want to display the same process information but include highlighted parent/child processes (as a tree)
Dump executables and associated DLLs (you need the process ID/PID first)
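The CSV export mentioned above can be turned into a process timeline and used to pick the PIDs worth dumping. The following is an added example, not code from the original page; the sample rows are constructed, and the column names and function names are assumptions chosen for this sketch.

```python
import csv
import io
from datetime import datetime

# Constructed sample of `vol -r csv -f <image> windows.pslist` output (not from a real image).
# Column names are assumed to match the plugin's CSV header; adjust for your version.
SAMPLE_CSV = """TreeDepth,PID,PPID,ImageFileName,Offset(V),Threads,Handles,SessionId,Wow64,CreateTime,ExitTime,File output
0,4,0,System,0xfa8000c9a040,90,500,N/A,False,2023-05-01 08:00:01.000000 UTC,N/A,Disabled
0,1500,1460,explorer.exe,0xfa8002b3c040,30,800,1,False,2023-05-01 08:01:10.000000 UTC,N/A,Disabled
0,2200,1500,cmd.exe,0xfa8003c4d040,1,20,1,False,2023-05-01 09:15:42.000000 UTC,N/A,Disabled
0,2310,2200,powershell.exe,0xfa8003d5e040,8,300,1,False,2023-05-01 09:15:50.000000 UTC,2023-05-01 09:20:00.000000 UTC,Disabled
"""

def load_processes(text):
    """Parse pslist CSV text into dicts with integer PIDs and parsed creation times."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        created = row["CreateTime"]
        # Timestamps may carry a trailing timezone label; N/A means not recorded.
        when = None if created == "N/A" else datetime.strptime(created[:19], "%Y-%m-%d %H:%M:%S")
        rows.append({"pid": int(row["PID"]), "ppid": int(row["PPID"]),
                     "name": row["ImageFileName"], "created": when})
    return rows

def timeline(procs):
    """Return (created, pid, name, parent name) tuples ordered by creation time."""
    # PIDs can be reused, so treat a resolved parent name as a lead, not proof.
    names = {p["pid"]: p["name"] for p in procs}
    dated = [p for p in procs if p["created"] is not None]
    return [(p["created"], p["pid"], p["name"], names.get(p["ppid"], "<not in listing>"))
            for p in sorted(dated, key=lambda p: p["created"])]

def descendants(procs, root_pid):
    """PIDs of every process spawned, directly or indirectly, by root_pid."""
    children = {}
    for p in procs:
        children.setdefault(p["ppid"], []).append(p["pid"])
    found, queue = [], [root_pid]
    while queue:
        for child in children.get(queue.pop(0), []):
            if child not in found:
                found.append(child)
                queue.append(child)
    return found

if __name__ == "__main__":
    procs = load_processes(SAMPLE_CSV)
    for created, pid, name, parent in timeline(procs):
        print(f"{created}  {pid:>6}  {name:<16} parent={parent}")
```

The PIDs returned by descendants() are the ones to carry into the dump step. A parent shown as "<not in listing>" usually just means the parent process had already exited when the image was taken.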